Cyber security

Abuse INSIGHTS – Harnessing Python To Decode Brute Force Usernames From Compromised Hosts

Abuse INSIGHTS is a python script created to extract the usernames brute forced by a compromised host. This data is extracted by regex from Abuse IP DB’s reporter comments.

Installing

Prerequisites

  • Python 2.7

Dependencies

  • Abuse IP DB API Key.

Installation

$ git clone https://github.com/west-wind/abuse-insights.git
$ cd abuse-insights
$ python abuse-insights.py

Intended Use

The intention of this script is to obtain insights about the sort of usernames that are attempted in a brute force from a compromised host.

This can be an RDP, SSH etc brute force. Assuming your host was compromised and was used for brute-forcing SSH nodes, and folks started reporting your IP to AbuseIPDB.

When folks report, they sometimes share the raw log, and this log has information related to the username it was attempting to login with.

Generating a list of the usernmaes used can provide insight into the sort of adversary that compromised your host.

It is the end user’s responsibility to obey all applicable local, state and federal laws.

Developer assume no liability and are not responsible for any misuse or damage caused by this program.

Getting Started

This script requires the user to input the AbuseIPDB API key into the configuration file – abuseIPDB_API.conf.

To begin

$ cd abuse-insights
$ python abuse-insights.py

Enter target IP address.

IF the IP address has been reported to Abuse IP DB in the past 90 days, & username data was avaialble, then output will be saved to a csv file – abuseIPDB_Username_Intel.csv.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Pystinger : Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…

1 week ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

1 week ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

1 week ago

How to Bash Append to File: A Simple Guide for Beginners

If you are working with Linux or writing bash scripts, one of the most common…

1 week ago

Mastering the Bash Case Statement with Simple Examples

What is a bash case statement? A bash case statement is a way to control…

1 week ago

How to Check if a File Exists in Bash – Simply Explained

Why Do We Check Files in Bash? When writing a Bash script, you often work…

1 week ago